我目前正在學習PHP和MySQL,我一直在從一個基本的(雖然舊的)登錄腳本教程 - 我遇到過各種折舊功能等,我試圖改進這個腳本。如何將用戶/訪問級別添加到我當前的登錄腳本?
我想爲我的腳本添加不同的訪問級別,例如管理員和用戶。我在'用戶'表中添加了一行'access',用戶訪問權限爲'1',管理員權限爲'9'。
經過一些初步研究,似乎我需要能夠將用戶訪問級別存儲在會話變量中 - 這是正確的方式嗎?如果是這樣,當用戶登錄時,我最初將如何檢索這些內容?
一旦訪問級別存儲在會話變量中,我將如何限制對頁面的訪問 - 也許使用頭部重定向?
這是當前代碼我的工作從functions.php的
function checkLogin()
{
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}
/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0)
{
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else
{
return false;
}
}
而且從login.php中
if(isset($_POST['sublogin'])){
/* Check that all fields were typed in */
if(!$_POST['user'] || !$_POST['pass']){
$errors .= "You didn't fill in a required field.<br/>\n";
}
else{
/* Once all fields are entered - perform form validation */
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);
/* Check error codes */
if($result == 1){
$user_errors .= "That username doesn't exist in our database.<br/>\n";
}
else if($result == 2){
$pass_errors .= "Incorrect password, please try again.<br/>\n";
}
/* Username and password correct, register session variables */
if (empty($errors) && empty($user_errors) && empty($pass_errors)){
$_POST['user'] = mysql_real_escape_string($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
/* Quick self-redirect to avoid resending data on refresh */
echo "<META HTTP-EQUIV='refresh' CONTENT='0;URL=index.php'>";
}
/**
* This is the cool part: the user has requested that we remember that
* and one to hold his md5 encrypted password. We set them both to
* he's logged in, so we set two cookies. One to hold his username,
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}
//return;
}
}
任何幫助將非常感激,因爲我一直停留在這幾天現在,謝謝。
做**想通過一個cookie usersnames和密碼不**往返關鍵信息。非常非常糟糕的設計。然後不要盲目接受這些cookie值並將它們放入會話中。更糟糕的設計。 –